Privacy Policy

Rousora processes personal information in accordance with the Protection of Personal Information Act (POPIA) of South Africa and, where applicable, the General Data Protection Regulation (GDPR). We ensure that all data processing activities are lawful, reasonable, and relevant to our business operations.

We rely on the following legal bases to process personal information:

1. Consent
1. Where users voluntarily provide personal information, we process it based on their informed and explicit consent.
2. Consent may be withdrawn at any time, subject to legal or contractual restrictions.
2. Contractual Necessity
1. Processing is required to fulfill our obligations under a contract, such as providing access to our services, responding to inquiries, or delivering customer support.
3. Legal Obligation
1. We may process personal information to comply with applicable laws, regulations, or lawful requests from authorities.
4. Legitimate Interest
1. We process data to pursue our legitimate business interests, such as improving our services, securing our systems, and communicating with users—provided such interests do not override the rights and freedoms of data subjects.
5. Performance of a Public Duty
1. In rare cases, processing may be necessary to carry out a task in the public interest or under official authority.
6. Vital Interests
1. Where necessary to protect the life or physical safety of a data subject or another person.

Rousora collects and processes personal information that is necessary to deliver our services, improve user experience, and comply with legal obligations. 

The types of personal information we may collect include:

1. Identity Information
1. - Full name
2. - Company name (if applicable)
3. - Job title or role
2. Contact Information
1. - Email address
2. - Telephone number
3. - Physical or postal address
3. Technical Information
1. - IP address
2. - Browser type and version
3. - Device type and operating system
4. - Referring URLs and session timestamps
4. Usage Data
1. - Pages visited on our website
2. - Interaction with our chatbot or contact forms
3. - Preferences and settings selected
4. - Time spent on site or specific features
5. Communication Records
1. - Messages submitted via chatbot, contact forms, or email
2. - Support queries and feedback
3. - Call recordings (if applicable and with consent)
6. Marketing and Analytics Data
1. - Cookie identifiers and tracking pixels
2. - Engagement with email campaigns or ads
3. - Search terms and referral sources
7. CRM/ERP Integration Data
1. - Customer account details
2. - Transaction history
3. - Service usage metrics
4. - Custom fields relevant to business operations
8. Sensitive Personal Information (only when explicitly required and with consent)
1. - Demographic data, e.g. age, gender
2. - Location data
3. - Any other data voluntarily submitted that may be considered sensitive under POPIA or GDPR

1. Rousora collects personal information through various channels to ensure seamless service delivery, personalised support, and continuous improvement of our offerings. Information may be collected in the following ways:
2. Direct Interactions
1. We collect information when users:
1. - Submit inquiries via our website or chatbot
2. - Register for services or create an account
3. - Subscribe to newsletters or marketing communications
4. - Provide feedback, complete surveys, or engage with support
3. Automated Technologies
1. When users interact with our website or services, we may automatically collect technical and usage data through:
1. - Cookies and tracking technologies
2. - Web analytics tools (e.g. Google Analytics)
3. - Chatbot interactions and session logs
4. - Device and browser metadata
4. Third-Party Integrations
1. We may receive personal information from trusted third-party sources, including:
1. - CRM or ERP platforms integrated with our services
2. - Advertising and marketing partners
3. - Social media platforms (if users engage via linked accounts)
4. - Payment processors or billing systems
5. Publicly Available Sources
1. Where permitted by law, we may collect information from public databases, directories, or online platforms to verify identity or enrich user profiles.

Rousora collects personal information to deliver intelligent, responsive, and secure customer service experiences. The purposes for which data is collected include:

1. Service Delivery and Personalisation
1. - To provide access to our AI chatbot and related services
2. - To tailor responses and support based on user preferences and interaction history
3. - To ensure accurate integration with CRM, ERP, and other business systems
2. Communication and Engagement
1. - To respond to inquiries, support requests, and feedback
2. - To send service updates, newsletters, and promotional content (with consent)
3. - To notify users about changes to our services, policies, or terms
3. Analytics and Improvement
1. - To monitor usage patterns and optimise system performance
2. - To improve chatbot accuracy and relevance through anonymised interaction data
3. - To enhance user experience and develop new features
4. Security and Compliance
1. - To verify identity and prevent unauthorised access
2. - To detect and mitigate fraud, abuse, or technical threats
3. - To comply with legal obligations under POPIA, GDPR, and other applicable laws
5. Marketing and Business Development
1. - To analyse user interests and engagement for campaign targeting
2. - To refine search themes and ad strategies aligned with business goals
3. - To support strategic partnerships and platform integrations

Rousora does not sell personal information. We only disclose personal data when necessary to deliver services, comply with legal obligations, or improve user experience. 

Disclosures may occur under the following circumstances:

1. Trusted Service Providers
1. We may share personal information with third-party vendors who assist us in:
1. - Hosting and infrastructure (e.g. cloud platforms, DNS, SSL providers)
2. - CRM, ERP, and marketing automation integrations
3. - Payment processing and billing
4. - Analytics, advertising, and performance tracking
2. These providers are contractually bound to safeguard data and use it only for authorised purposes.
2. Legal and Regulatory Requirements
1. We may disclose personal information:
1. - To comply with applicable laws, regulations, or lawful requests
2. - In response to subpoenas, court orders, or government investigations
3. - To enforce our terms of service or protect our rights, users, or the public
3. Business Transfers
1. In the event of a merger, acquisition, or asset sale, personal information may be transferred to the relevant third party, subject to continued protection under this policy.
4. User Consent
1. We may disclose personal information to other parties when users explicitly consent to such sharing—for example, when connecting third-party accounts or requesting integrations.

Rousora takes data security and responsible retention seriously. We store personal information using secure, access-controlled systems and retain it only for as long as necessary to fulfill the purposes outlined in this policy.

1. Storage Locations
1. - Data is stored on secure servers hosted by trusted infrastructure providers, which may be located in South Africa or internationally, depending on service architecture and redundancy requirements.
2. - All storage providers are vetted for compliance with POPIA, GDPR, and other applicable data protection laws.
2. Retention Periods
1. We retain personal information based on the following criteria:
1. - Active use: As long as the user maintains an active relationship with Rousora, e.g. chatbot usage, CRM integration, support engagement
2. - Legal and regulatory obligations: As required by law, including tax, accounting, and compliance records
3. - Business needs: For analytics, service improvement, and historical reference, unless deletion is requested
4. - Consent-based data: Retained until consent is withdrawn or the purpose is fulfilled
3. Deletion and Anonymisation
1. - When data is no longer needed, we securely delete or anonymize it to prevent identification.
2. - Users may request deletion of their personal information at any time, subject to legal and operational constraints.
4. Backup and Recovery
1. - Regular backups are maintained to ensure data integrity and business continuity.
2. - Backup data is stored securely and subject to the same retention and deletion policies.

Rousora is committed to protecting personal information through layered, proactive security measures. We apply both technical and organisational safeguards to ensure data confidentiality, integrity, and availability across all systems and services.

1. Technical Safeguards
1. - Encryption: All data in transit is encrypted using industry-standard protocols, e.g. HTTPS/TLS. Sensitive data at rest is encrypted where applicable.
2. - Access Controls: Role-based access and authentication mechanisms restrict data access to authorised personnel only.
3. - Firewall & Intrusion Detection: Network-level protections are in place to detect and block unauthorised access attempts.
4. - Secure Hosting: Our infrastructure partners are vetted for compliance with POPIA, GDPR, and ISO/ IEC 27001 standards.
5. - Regular Patching: Systems are routinely updated to mitigate vulnerabilities and maintain security posture.
2. Organisational Safeguards
1. - Staff Training: Team members are trained on data protection principles, privacy compliance, and secure handling of personal information.
2. - Data Minimisation: We collect only the data necessary for specific purposes and avoid excessive retention.
3. - Incident Response: A formal protocol is in place to detect, report, and respond to data breaches or security incidents swiftly and transparently.
4. - Vendor Oversight: Third-party service providers are contractually obligated to maintain equivalent security standards.
3. User Responsibility
1. While we take every reasonable measure to protect data, users also play a role in safeguarding their information. We encourage:
1. - Using strong, unique passwords
2. - Avoiding the sharing of sensitive data via unsecured channels
3. - Reporting any suspicious activity or unauthorized access

Rousora respects your right to privacy and empowers you to control your personal information. 

Depending on your jurisdiction and applicable data protection laws (including POPIA and GDPR), you may exercise the following rights:

1. Right to Access
1. You may request confirmation of whether we hold personal information about you and obtain a copy of that information, along with details on how it is used.
2. Right to Correction
1. If your personal information is inaccurate, outdated, or incomplete, you have the right to request that we correct or update it.
3. Right to Erasure ("Right to be Forgotten")
1. You may request the deletion of your personal information where:
1. - It is no longer necessary for the purposes collected
2. - You withdraw consent (where applicable)
3. - You object to processing and there are no overriding legitimate grounds
4. - The data was unlawfully processed
4. Right to Object
1. You may object to the processing of your personal information for direct marketing, profiling, or other purposes based on legitimate interest.
5. Right to Restriction of Processing
1. You may request that we temporarily suspend processing of your personal information under certain conditions (e.g. while a correction or objection request is being reviewed).
6. Right to Data Portability
1. Where technically feasible, you may request that your personal information be provided to you or transferred to another service provider in a structured, commonly used format.
7. Right to Withdraw Consent
1. Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
8. Right to Lodge a Complaint
1. If you believe your rights have been violated, you may lodge a complaint with the relevant data protection authority. In South Africa, this is the Information Regulator (https://www.justice.gov.za/inforeg/).

Rousora uses cookies and similar tracking technologies to enhance user experience, analyse site performance, and deliver personalised content. 

We are committed to transparency and compliance with international privacy standards, including GDPR, POPIA, and Germany’s updated TTDSG regulations.

1. Types of Cookies We Use
1. - Essential Cookies: Required for core site functionality, e.g. security, session management. These do not require user consent.
2. - Analytics Cookies: Help us understand how users interact with our site and services.
3. - Marketing Cookies: Used to deliver relevant ads and measure campaign effectiveness.
4. - Functional Cookies: Enhance features like language preferences or chatbot behavior.
2. Consent Requirements
1. In line with GDPR and Germany’s Telekommunikation-Telemedien-Datenschutzgesetz (TTDSG):
1. - Prior opt-in consent is required for all non-essential cookies (analytics, marketing, personalisation).
2. - Consent must be freely given, specific, informed, and unambiguous.
3. - Users must be able to reject cookies as easily as they accept them, with no dark patterns or misleading design.
4. - Consent is valid for 6–12 months in Germany and must be revocable at any time.
3. Cookie Banner and Preferences
1. - Our cookie banner is designed to meet EU and German standards, offering clear choices and granular controls.
2. - Users can manage preferences or withdraw consent via the [Cookie Settings] link available on every page.
4. Third-Party Technologies
1. We may use third-party services, e.g. Google Analytics, Meta Pixel that place cookies or similar identifiers. These providers are contractually obligated to comply with applicable data protection laws.
5. Do Not Track & Browser Settings
1. Rousora respects browser-level privacy signals where technically feasible. Users may also configure their browser to block or delete cookies.

Rousora may transfer personal information across borders to deliver services, maintain infrastructure, and support global operations. 

We ensure that all international data transfers are conducted in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), South Africa’s Protection of Personal Information Act (POPIA), and other relevant frameworks.

1. Transfer Mechanisms
1. When personal data is transferred outside of South Africa, the European Economic Area (EEA), or other jurisdictions with adequate protection laws, we rely on one or more of the following safeguards:
1. - Standard Contractual Clauses (SCCs) approved by the European Commission
2. - Data Processing Agreements (DPAs) with binding obligations on data protection
3. - Adequacy decisions where applicable, e.g. transfers to countries deemed adequate by the EU
4. - Explicit user consent, where no other legal basis applies
2. Hosting and Infrastructure
1. Our services may be hosted on cloud platforms located in multiple regions, including Europe, North America, and Asia-Pacific. 
2. All providers are vetted for compliance with international privacy standards and contractual safeguards.
3. Risk Assessments
1. In line with recent EU enforcement trends, Rousora conducts Transfer Impact Assessments (TIAs) where required, evaluating:
1. - The legal environment of the destination country
2. - The nature of the data and processing activities
3. - The effectiveness of technical and contractual safeguards
4. User Rights and Transparency
1. We remain committed to transparency. 
1. Users may request:
1. - Information about the countries to which their data is transferred
2. - A copy of the applicable safeguards, e.g. SCCs or DPA terms

Rousora is committed to protecting the privacy of children and complying with all applicable laws governing the collection and use of minors’ personal information. 

Our services are general business services and should not apply to children.  We don't publish any offensive content, but generally we hold the our content may not intended for use by children under the age of 13 (or the age defined by local law), and we do not knowingly collect personal data from children without verified parental consent.

1. Age Restrictions
1. - Users must be at least 13 years old to access Rousora’s services, unless a higher age threshold applies in their jurisdiction, e.g. 16 under GDPR in some EU countries.
2. - We do not knowingly process data from children under these age limits without appropriate parental or guardian authorisation.
2. Parental Consent
1. - Where services may be accessed by minors, we implement verifiable parental consent mechanisms before collecting or processing any personal data.
2. - Consent must be explicit, informed, and revocable, and may require identity verification of the parent or guardian.
3. Design and Safeguards
1. In line with recent EU and German regulations:
1. - Children’s accounts must be private by default, with no public sharing of profile data, location, or activity unless explicitly enabled.
2. - We avoid manipulative design patterns, e.g. autoplay, infinite scroll, gamified nudges that may exploit children’s attention or behavior.
3. - Recommendation systems are carefully reviewed to prevent excessive screen time or algorithmic profiling of minors.
4. Data Minimisation and Transparency
1. - We collect only the minimum data necessary to deliver age-appropriate services.
2. - All data practices are explained in clear, age-appropriate language, and children (where applicable) are informed of their rights.
5. Enforcement and Accountability
1. - If we discover that personal data has been collected from a child without proper consent, we will promptly delete the data and take corrective action.
2. - Parents or guardians may contact us to review, correct, or delete their child’s information at any time.

Rousora may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data protection practices. 

We are committed to maintaining transparency and will ensure that any updates are clearly communicated.

1. Notification of Changes
1. - Material changes will be announced via our website, chatbot interface, or direct email (where applicable).
2. - The “Last Updated” date at the top of this policy will indicate when revisions were made.
2. User Acknowledgment
1. - Continued use of our website or services after a policy update constitutes acceptance of the revised terms.
2. - We encourage users to review this policy periodically to stay informed about how their personal information is handled.
3. Version Control
1. - Archived versions of this policy may be made available upon request for reference or compliance purposes.